In the Claims:

1. (Previously Presented) Apparatus for use by a first party for key 
management for secure communication with a second party, said key management 
being to provide at each party, simultaneously remotely, identical keys for said secure 
communication without transferring said keys or components thereof over any 
communication link, the apparatus comprising: 

a datastream extractor, configured to extract a bitstream from data exchanged 
between said parties; 

a random selector configured with selection settings identical to those at said 
second party said selection settings defining a selection, from said bitstream, of a 
series of bits in accordance with a randomization within said random selector, said 
randomization seeded by said data exchanged between said parties, said 
randomization being identical to a randomization carried out at said second party, 
thereby ensuring that said series of bits is identically selected at both parties; 

a key generator configured for separately generating at said first party a key for 
encryption/decryption based on said series of bits, 

thereby to separately generate a key at said first party which is identical to a 
key likewise generated at said second party based on said exchanged information, thus 
to manage key generation in a manner repeatable at said parties, without transferring 
said keys or components thereof over any communication link. 

2. (Original) Apparatus according to claim 1, the random selector being 
operable to use results of said randomization as addresses to point to bits in said 
datastream. 
3. (Original) Apparatus according to claim 1, said key generator operable to 
generate a new key after a predetermined number of message bits have been 
exchanged between said parties. 
4. (Original) Apparatus according to claim 3, said predetermined number of 
message bits being substantially equal to a length in bits of said key. 

5. (Original) Apparatus according to claim 1, further comprising a control 
messager for sending control messages to said remote party, thereby to indicate to said 
remote party a state of said apparatus to enable said remote party to determine whether 
said remote party is synchronized therewith to generate an identical key. 

6. (Original) Apparatus according to claim 5, further comprising a 
synchronized state determiner, for determining from control messages received from a 
remote party whether said apparatus is synchronized therewith to generate an identical 
key. 

7. (Original) Apparatus according to claim 6, further comprising a 
resynchronizer, associated with said synchronous state determiner, said resynchronizer 
having a resynchronization random selector for selecting, from a part of said bitstream 
previously used by said random selector, a series of bits in accordance with a 
randomization seeded by said data exchanged between said parties, in the event of 
determination of synchronization loss, thereby to regain synchronization. 

8. (Original) Apparatus according to claim 7, wherein said series of bits is a 
series of bits previously used by said random selector. 
9. (Original) Apparatus according to claim 6, wherein said control messager 
is operatively connected to said synchronous state determiner, thereby to include 
within said control messages a determination of synchronization loss. 
10. (Original) Apparatus according to claim 7, wherein said control messager 
is operatively connected with said resynchronizer, to control said resynchronizer to 
carry out said selection in the event of receipt of a message from said remote party that 
said remote party has lost synchronization. 

11. (Original) Apparatus according to claim 7, said data communication 
being arranged in cycles, said part of said bitstream being exchangeable in each cycle. 

12. (Original) Apparatus according to claim 11, said cycle being arranged 
into sub-units, each said cycle having an exchange point at its beginning for carrying 
out said exchange. 

13. (Original) Apparatus according to claim 10, said messager being usable to 
exchange control messages with said remote party to ensure that a same bitstream 
part is used for resynchronization at both said parties. 

14. (Original) Apparatus according to claim 12, said messager being usable to 
vary a control message in accordance with a sub-cycle current at a synchronization 
loss event, thereby to control said remote party to resynchronize using a same 
bitstream part. 

15. (Original) Apparatus according to claim 14, operable to respond to 
messages sent by a remote party following said synchronization loss event, to revert to 
same said bitstream part as said message indicates that said remote party intends to 
use. 
16. (Original) Apparatus according to claim 1, comprising circuitry for 
determining which of itself and said remote party is a transmitting party and being 
operable to control said synchronization when it is a transmitting party and to respond 
to control commands of said remote party when said remote party is said transmitting 
party. 

17. (Original) Apparatus according to claim 6, wherein said synchronized 
state determiner comprises: 

a calculation circuit for carrying out an irreversible calculation on any one of 
said bitstream, said randomization, said key and derivations thereof, and 

a comparator for comparing a result of said calculation with a result received 
from said remote party, 

thereby to determine whether said parties are in synchronization. 

18. (Original) Apparatus according to claim 17, wherein said irreversible 
calculation comprises a one-way function. 

19. (Original) Apparatus according to claim 1, said system being operable to 
provide key management for a symmetric cryptography algorithm. 

20. (Original) Apparatus according to claim 19, being constructed 
modularwise such that said cryptography algorithm is exchangeable. 

21. (Currently Amended) A system for providing key management 
between at least two separate parties, the system comprising 

a primary bitstream for exchange between said parties, 
and at each party: 

a selector configured with identical settings, said settings defining a random 
selection at predetermined selection intervals, of parts of said primary bitstream to 
form a derived bit source, each selector being operable to use said derived bit source, 
in an identical manner, to randomize said selecting of parts of said primary bitstream, 
said identical settings ensuring that each party derives an identical derived bit source, 
and 

a key generator configured for separately generating at each of said separate 
parties cryptography keys at predetermined key generating intervals using said derived 
bit source of a corresponding selection interval, said cryptographic keys being 
identical at each of said separate parties. 

22. (Original) A system according to claim 21, wherein said primary bitstream 
is obtainable as a stream of bits from a data communication process between said two 
parties. 

23. (Original) A system according to claim 21, wherein said bits in said 
primary bitstream are separately identifiable by an address, and wherein said selector 
is operable to select said bits by random selection of addresses. 

24. (Original) A system according to claim 21, wherein each selector 
comprises an address generator and each address generator is identically set. 

25. (Original) A system according to claim 21, further comprising a controller 
for exchanging control data between said parties to enable each party to determine that 
each selector is operating synchronously at each party. 

26. (Original) A system according to claim 25, wherein said control data 
includes any one of a group comprising: 

redundancy check data, and 
a hash encoding result, 
of at least some of the bits from said derived bit source. 
27. (Original) A system according to claim 25, wherein said control data 
includes any one of a group comprising: 

redundancy check data, and 
a hash encoding result, 
of at least some of the bits of said randomization. 

28. (Original) A system according to claim 25, wherein said control data 
includes any one of a group comprising: 

redundancy check data, and 
a hash encoding result, 
of at least some of the bits from said key. 

29. (Original) A system according to claim 25, wherein said control data 
includes any one of a group comprising: 

redundancy check data of at least some of said addresses, and 
a hash encoding result of at least some of said addresses. 

30. (Original) A system according to claim 25, further comprising at each 
party a resynchronizer operable to determine from said control data that 
synchronization has been lost between the parties and to regain synchronization based 
on a predetermined earlier part of said derived bit source. 

31. (Original) A system according to claim 22, further comprising at each party 
a resynchronizer operable to determine from control data exchanged between said 
parties that synchronization has been lost between said parties and to regain 
synchronization based on a predetermined earlier part of said derived bit source. 
32. (Original) A system according to claim 31, said data communication 
process being arranged in cycles, said predetermined earlier part being exchangeable 
in each cycle. 

33. (Original) A system according to claim 32, said cycles being arranged into 
sub-units, each said cycle having an exchange point at its beginning for carrying out 
said exchange of said predetermined earlier part of said derived bit source. 

34. (Original) A system according to claim 30, said controller being usable to 
include in said control messages, data to ensure that a predetermined earlier part of 
said derived bit source of a same cycle is used for resynchronization at both said 
parties. 

35. (Original) A system according to claim 33, said controller being usable to 
vary a control message in accordance with a sub-cycle current at a synchronization 
loss event, thereby to control said remote party to resynchronize using same said 
predetermined earlier part of said derived bit source. 

36. (Original) A system according to claim 35, operable to respond to 
messages sent by a remote party following said synchronization loss event, to revert to 
same said predetermined earlier part of said derived bit source as said message 
indicates that said remote party intends to use. 

37. (Previously Presented) A method of key management with at least one 
remote party, comprising the steps of: 

sharing with said remote party a primary data stream, 

using said primary data stream and identical settings at each party to form an 
identical randomizer at each party, 
selecting parts of said primary data stream using said identical randomizer at 
each party to form identical derived data sources independently at each party, and 

using said derived data source to form identical cryptography keys separately 
at different parties at predetermined intervals. 

38. (Original) A method according to claim 37, wherein said primary data 
source is obtainable as a stream of bits from a communication process between said 
two parties. 

39. (Original) A method according to claim 37, wherein said primary data 
source comprises a stream of data bits divisible into data units and comprising 
selecting at random from the data bits of each data unit. 

40. (Original) A method according to claim 39, wherein said bits in said data 
units are separately identifiable by addresses, and comprising selecting said bits by 
using said randomizer as an address pointer. 

41. (Original) A method according to claim 37, wherein selecting is carried 
out by using identically set pseudorandom data generation at each party, and using 
said derived data source as a seed for said pseudorandom data generation. 

42. (Original) A method according to claim 37, further comprising 
exchanging control data between said parties to enable each party to determine 
whether they are operating synchronously with said other party. 

43. (Original) A method according to claim 42, wherein said control data 
includes any one of a group comprising: 

redundancy check data of at least some of said derived data source, and 
a hash encoding result of at least some of said derived data source. 
44. (Original) A method according to claim 42, comprising determining from 
said control data that synchronization has been lost between the parties and regaining 
synchronization based on a predetermined earlier part of said derived data source. 

45. (Original) A method according to claim 44, further comprising a step of 
exchanging said predetermined earlier part of said derived data source at 
predetermined intervals. 

46. (Original) A method according to claim 45, further comprising steps of: 

determining a possibility of each party being at a different cycle at 
synchronization loss, and 

controlling said resynchronization to use a same predetermined earlier part of 
said derived data source at both parties. 

47. (Original) A method according to claim 45, further comprising creating in 
advance a future cycle's predetermined earlier part of said derived data source for 
resynchronizing with a party that has already moved to such a cycle. 
48. (Original) A method according to claim 37, in use to provide key 
management for a symmetric cryptography algorithm. 
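The following simulation, added here as an illustration and not part of the claims or of any applicant's implementation, models the scheme of claims 1, 2, 7, 17, 18, 37 and 42 to 44: both parties extract a bitstream from constructed sample data, seed an identical randomizer from it, use the randomizer's output as addresses into the bitstream, generate a key from the selected series, compare a one-way hash of the key as the control message, and regain synchronization from an earlier selection. Names such as `Party`, `run_session` and `SAMPLE_DATA` are assumptions of this example; it assumes the exchanged data is already confidential to the two parties and models only the selection and synchronization logic.

```python
import hashlib
import random

# Constructed sample of data exchanged between the parties; in the claims this
# is the traffic from which the datastream extractor takes its bitstream.
SAMPLE_DATA = b"constructed sample of traffic exchanged between party A and party B"
KEY_BITS = 64


def extract_bitstream(data: bytes) -> str:
    """Datastream extractor (claim 1): exchanged data as a string of '0'/'1'."""
    return "".join(f"{byte:08b}" for byte in data)


class Party:
    """One party's apparatus: random selector, key generator and sync check."""

    def __init__(self, data: bytes, seed_bits: int = 32):
        self.bits = extract_bitstream(data)
        # Randomization seeded by the exchanged data itself (claims 1 and 41);
        # identical settings at both parties give an identical randomizer.
        self.rng = random.Random(int(self.bits[:seed_bits], 2))
        self.history = []  # series selected in each cycle, kept for resync
    def select_series(self, n: int = KEY_BITS) -> str:
        # Randomization results are used as addresses into the bitstream (claim 2).
        addresses = [self.rng.randrange(len(self.bits)) for _ in range(n)]
        series = "".join(self.bits[a] for a in addresses)
        self.history.append(series)
        return series
    def new_key(self) -> bytes:
        # Key generator: the selected series becomes the symmetric key.
        return int(self.select_series(), 2).to_bytes(KEY_BITS // 8, "big")
    @staticmethod
    def control_message(key: bytes) -> str:
        # Irreversible calculation (claims 17/18): a one-way hash, comparable without exposing the key.
        return hashlib.sha256(key).hexdigest()
    def in_sync(self, received: str, own_key: bytes) -> bool:
        return self.control_message(own_key) == received  # comparator (claim 17)
    def resync_key(self, cycle: int) -> bytes:
        # Resynchronizer (claims 7/8): reseed from a series already used in an
        # earlier cycle, make a fresh selection and discard the later cycles.
        self.rng = random.Random(int(self.history[cycle], 2))
        self.history = self.history[:cycle + 1]
        return self.new_key()


def run_session() -> dict:
    """Worked run: matching keys, a detected sync loss and the recovery."""
    a, b = Party(SAMPLE_DATA), Party(SAMPLE_DATA)
    k1a, k1b = a.new_key(), b.new_key()                      # cycle 0 at both
    sync_ok = a.in_sync(Party.control_message(k1b), k1a)
    k2b = b.new_key()                                        # B rekeys, A does not
    loss = not a.in_sync(Party.control_message(k2b), k1a)   # A detects the loss
    ra, rb = a.resync_key(0), b.resync_key(0)                # both revert to cycle 0
    return {"keys_match": k1a == k1b, "sync_ok": sync_ok, "loss_detected": loss,
            "resynced": ra == rb and a.new_key() == b.new_key()}
```

Calling `run_session()` returns all four flags as `True`: the keys match without ever being sent, the hash comparison flags the extra rekey at one side, and reseeding from the cycle-0 series brings both parties back into step.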